ICO call for views on a direct marketing code of practice 


CO. 


lntormation Commisskaner's Office 


It is important that organisations ensure their marketing activities are compliant with data 
protection legislation (the General Data Protection Regulation and Data Protection Act 2018) 
and, where necessary, the Privacy and Electronic Communications Regulations 2003 (PECR). 


The new code of practice will build on our current direct marketing guidance and address the 
aspects of the new legislation relevant to direct marketing such as transparency and lawful 
bases for processing, as well as covering the rules on electronic marketing (for example 
emails, text messages, phone calls) under PECR. 


The European Union is in the process of replacing the current e-privacy law (and therefore 
PECR) with a new ePrivacy Regulation (ePR). However the new ePR is yet to be agreed and 
there is no certainty about what the final rules will be. Because of this we intend for the 
direct marketing code to only cover the current PECR rules until the ePR is agreed. Once the 
ePR is finalised and the UK position in relation to it is clear we will produce an updated 
version of the code which takes this into account as appropriate. 


Please send us your views by 24 December 2018. 


Privacy statement 


For this call for views we will publish responses received from organisations but will remove 
any personal data before publication. We will not publish responses from individuals. For 
more information about what we do with personal data please see our privacy notice. 


Q1 


The code will address the changes in data protection legislation and the implications 


for direct marketing. What changes to the data protection legislation do you think we 
should focus on in the direct marketing code? 


Changes caused by GDPR obviously, however I think what would be of more benefit 


would be to focus on the change and evolution of the technological environment 
rather than legislative changes. 


Q2 


Q3 


Q4 


Q5 


Apart from the recent changes to data protection legislation are there other developments 


that are having an impact on your organisation’s direct marketing practices that you think 
we should address in the code? 


Yes 


No 


If yes please specify 


New online tools such as Facebook Custom Audience, lookalike audiences on a 
variety of social media platforms and the ability to do so much more with cookies to 
build a profile about your audience. It would be very useful to provide more 
guidance on this as electronic direct marketing has moved on so much from 
telephone, direct email, fax, SMS marketing. 


We are planning to produce the code before the draft ePrivacy Regulation (ePR) is agreed. 


We will then produce a revised code once the ePR becomes law. Do you agree with this 
approach? 


Yes 


No 


If no please explain why you disagree 


Q6 


Q7 


Q8 


Q9 


Is the content of the ICO’s existing direct marketing guidance relevant to the marketing that 
your organisation is involved in? 


Yes 
No 


If no what additional areas would you like to see covered? 


More information on the online marketing tools such as Facebook's custom audience 
and Lookalike audience functions (does PECR apply?). Also it would be useful to 
provide more guidance on the line between marketing and admin/stewardship 
emails (does telling people what kind of thing we could do with the money 
fundraised/donated in a thank you letter count as marketing?). Also, supporters tell 
us they see donating as a service (providing them with opportunity/service to 
contribute towards fixing a problem), but the ICO have disagreed. If this is still the 
position, could it be explicitly stated in soft opt-in section? 


Is it easy to find information in our existing direct marketing guidance? 


Yes 
No 


If no, do you have any suggestions on how we should structure the direct marketing 
code? 


Q10 Please provide details of any case studies or marketing scenarios that you would like 


Q11 


to see included in the direct marketing code. 


Use of Facebook custom audience to reach out to known customers/supporters on 
Facebook. Does this count as direct marketing? What kind of consent is needed? 
Similarly lookalike audiences which are available on numerous social media 
platforms. This is where you provide details of your customers/supporters and the 
social emdia platform find them on their platform, see what interests they have and 
then find simialr people who they then forward your marketing message on to. 
These 'lookalike' people are never known to the originating organisation. Is this 
direct electronic marketing? If so by whom - organisation or social media platform? 
Who would be the data controller (or would it be joint?)? 


Do you have any other suggestions for the direct marketing code? 


Please bring it into current technological age and address more then obvious 


electronic direct marketing. Most organisations get these now, its the new grey 
areas we need help with 


About you: 


Qi2 Are you answering these questions as: 
a public sector worker 
a private sector worker 
a third or voluntary sector worker 
a member of the public 
a representative of a trade association 
a data subject 
an ICO employee 


other 
If you answered other, please specify: 


Q13 Please provide the name of the organisation that you are representing: 
Alzheimer's Society 


Q14 We may want to contact you about some of the points you have raised. If you are 
happy for us to do this please provide your email address: 


EE © alzheimers. org.uk 


Thank you for taking the time to share your views and experience. 


